
How to Do a HIPAA Risk Analysis


Course Description:

After explaining the need for conducting a HIPAA risk analysis and the penalties for not doing so, this webinar will provide attendees with a methodology for conducting one. HIPAA does not specify a particular way of conducting such an analysis, but the author has taken hundreds of covered entities and business associates through the process, and his way of doing it must work because none of them have had a security breach.

Why should you Attend?

Even if HIPAA did not require risk analysis, good practice would. If you implement a security measure without conducting a risk analysis, you are just guessing.

More importantly, the vast majority of HIPAA Civil Money Penalties (fines), most in the seven-figure range, have been for the failure to conduct the risk analysis mandated by the Security Rule.

Areas Covered:

Topics that will be covered in the session:

  • What is a risk analysis?
  • Why must you conduct one?
  • Penalties for not conducting one—with examples.
  • How to conduct a risk analysis:
    • Assemble a good team, and what to do if you are a sole practitioner and don’t have anyone to be on the team.
    • Identify assets that must be protected and what you already have on hand to do so.
    • Identify risks to those assets.
    • Quantify the risks. How likely are they to happen and how harmful will they be if they do happen?
    • Select reasonable, cost-effective security measures.
    • Test and revise.
  • How must you update the risk analysis (required)?
  • Conclusion and question and answer.

Who will benefit?

This webcast will be of valuable assistance to the following audience:

  • Privacy and Security Officers
  • Medical Records Professionals
  • IT Professionals
  • Clinicians
  • Office Managers
  • Risk Managers
  • Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information, such as transcription services, billing services, cloud storage companies, and the like)
  • Healthcare Attorneys
  • Compliance Officers

Registration Options

Get 12 months of unlimited access for a single user.

Material shipped within 15 days after webinar completion, with lifetime access for unlimited participants.



Speaker Details



Healthcare Attorney, Author and President of EMR Legal

Jonathan P. Tomes has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of handling security incidents to avoid liability provides a rare opportunity for compliance officers and medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for more than 20
